Early one morning, a distraught client’s Controller called to report she had authorized an $18,000 electronic transfer to an unknown party posing as the company’s CEO. She was a victim of spoofing, one of several fast-growing Social Engineering practices that make it easier for hackers to steal money. Spoofing is to cybersecurity what camouflage is to bugs and animals. It is a method for cyber criminals to disguise their fraudulent operation and make it seem genuine.
In this situation, the Controller received an email from the supposed CEO, who was traveling on business in New York, requesting that an $18,000 deposit for a just-closed deal be sent to the named party. There was no reason to believe the message was not authentic. It used the company email format and carried the signature of the CEO, who was known to be in New York on business; it all added up. The spoof wasn’t discovered until the following day, when the two had a phone conversation. As unfortunate as the situation was, it could have been worse had more detailed bank account information, or other information useful for identity theft, been released.
Since core SMTP (Simple Mail Transfer Protocol) fails to offer email authentication, it is simple to impersonate an email sender once a hacker gains network access, either by exploiting system vulnerabilities or through an employee unknowingly letting an intruder in. Once in the network, the offending party perches inside the system for a period of time, with free access to become familiar with the organization. Monitoring activity, transactions and email conversations provides the intelligence necessary to identify opportunities to extort money through ransomware or a spoof. The CEO’s trip was that opportunity to initiate the fraud.
Fortunately, my client was protected by a CyberRisk policy, which included a Social Engineering Endorsement specifically for Ransomware and Spoofing losses. There are many tools and practices that organizations can employ to reduce the threat of spoofing attacks. Common measures that organizations can take for spoofing attack prevention include:
1. Packet filtering: Packet filters inspect packets as they are transmitted across a network. Packet filters are useful in IP address spoofing attack prevention because they are capable of filtering out and blocking packets with conflicting source address information (packets from outside the network that show source addresses from inside the network and vice-versa).
2. Avoid trust relationships: Organizations should develop protocols that rely on trust relationships as little as possible. It is significantly easier for attackers to run spoofing attacks when trust relationships are in place, because trust relationships only use IP addresses for authentication. Use verbal verification.
3. Use Spoofing detection software: There are many programs available that help organizations detect spoofing attacks, particularly ARP Spoofing. These programs work by inspecting and certifying data before it is transmitted and blocking data that appears to be spoofed.
4. Use cryptographic network protocols: Transport Layer Security (TLS), Secure Shell (SSH), HTTP Secure (HTTPS) and other secure communications protocols bolster spoofing attack prevention efforts by encrypting data before it is sent and authenticating data as it is received.
5. Educate employees about how to recognize phishing emails:
a. Look for email addresses that are close but not exact. For instance, a phishing address may end in “.co” rather than the expected “.com” or “.ca”.
b. Verify all links included in the body of the email by hovering over the link to see what URL it actually goes to.
c. Look for logos that feel a bit off, as well as misspellings or grammatical errors in emails from reputable institutions such as banks or government offices.
d. Be suspicious of emails that request passwords, personal information, or money.
e. The most important rule: Don’t click on links, and don’t download attachments unless you’re positive you know the sender — and feel free to check with that sender before clicking on anything.
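The address and content checks in items a and d can be partly automated at the mail gateway. The following Python sketch is an added example, not part of the original post; the domain `example.com`, the executive name, the keyword list, the edit-distance threshold and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"   # assumption: the company's real mail domain
EXECUTIVES = {"jane doe"}        # assumption: names an attacker would pose as
MONEY_WORDS = re.compile(r"\b(wire|transfer|deposit|password|bank account)\b", re.I)

SPOOFED = (  # constructed sample: sender domain ends in ".co", not ".com"
    'From: "Jane Doe" <jane.doe@example.co>\n'
    "Subject: Deposit for closed deal\n"
    "\n"
    "Please send the $18,000 deposit by wire transfer today.\n"
)
GENUINE = (  # constructed sample: internal sender, no request for money
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Lunch\n"
    "\n"
    "Are you free on Thursday?\n"
)

def edit_distance(a, b):
    """Levenshtein distance, used to spot domains that are close but not exact."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review(raw):
    """Return the warning flags raised by one raw email message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if domain != TRUSTED_DOMAIN:
        if 0 < edit_distance(domain, TRUSTED_DOMAIN) <= 2:
            flags.append("lookalike-domain")
        if name.strip().lower() in EXECUTIVES:
            flags.append("executive-name-external-address")
    if MONEY_WORDS.search(msg.get_payload()):
        flags.append("asks-for-money-or-credentials")
    return flags

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, review(raw))
```

A message sent from a compromised internal mailbox, or one forged with the exact company domain, raises no address flag here, which is why the verbal verification in item 2 still applies to any payment request.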
With this knowledge, these prevention methods and some cyber know-how, you can mitigate spoofing attacks and keep your business, employees, and customers safe. Although there is no single solution, staying up to date on the latest scamming tactics allows you to be proactive and bounce back should hackers strike.
Because it is difficult for organizations to quantify their own security posture, Orion Risk Management and our security operations partner developed Cyber Protection Reimagined. This end-to-end solution identifies an organization’s network vulnerabilities, closes gaps, provides workforce compliance, educates employees on how to avoid exposing the network to hackers, provides 24×7 monitoring and establishes a post-incident response plan. These best-in-class attributes reduce the chance of cyber disruption for an improved risk profile, resulting in more favorable Cyber Insurance terms and conditions. This holistic approach and powerful solution is transforming the way our clients view their cyber exposure to better manage this risk.
Remember, an attacker doesn’t have to be good every time; they just need to be successful once! We believe the best defense against this is a good offense.